lumma | 363c18f062e7988139c4d3ba1d5234a9af1d78bf021ac04ce49ac0c28f3b16ee

Analysis

max time kernel
345s
max time network
353s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2025, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/downloader_nsis_plugin.dll
Size

1.2MB
MD5

14930a06cbfb26d5ffffd354fa12d5f8
SHA1

1de289bab03eaad965e419d657c3531a3738c558
SHA256

3ef7a13886328dafba1c49ec096da122e63839ac6965bf4f3d4dcce3a35ccc6d
SHA512

385268602f050c060795312c9cb86e979030a21b8cecc20303b346bbc0800a468a84a291224592d9b0e43458e579660b8062f6b9cba3b2e79aab5015d1dcc67b
SSDEEP

24576:eDe+j+n40zyob+w+LsoZttOWR7vDzAOdYKT9s6rNnb3Khz:Eei+n7zy2ULsGjOWR7vDzhdYKThNnzKN

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: =@L
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 17 IoCs

pid	Process
6732	[NEW] Roblox Executor Hack (Undetected).exe
6816	[NEW] Roblox Executor Hack (Undetected).exe
7112	[NEW] Roblox Executor Hack (Undetected).exe
1904	[NEW] Roblox Executor Hack (Undetected).exe
1220	[NEW] Roblox Executor Hack (Undetected).exe
3676	[NEW] Roblox Executor Hack (Undetected).exe
4388	[NEW] Roblox Executor Hack (Undetected).exe
2784	[NEW] Roblox Executor Hack (Undetected).exe
6276	[NEW] Roblox Executor Hack (Undetected).exe
4380	[NEW] Roblox Executor Hack (Undetected).exe
6388	[NEW] Roblox Executor Hack (Undetected).exe
6396	[NEW] Roblox Executor Hack (Undetected).exe
6404	[NEW] Roblox Executor Hack (Undetected).exe
2612	[NEW] Roblox Executor Hack (Undetected).exe
4224	[NEW] Roblox Executor Hack (Undetected).exe
624	[NEW] Roblox Executor Hack (Undetected).exe
2060	[NEW] Roblox Executor Hack (Undetected).exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 6732 set thread context of 6816	6732	[NEW] Roblox Executor Hack (Undetected).exe	202
PID 7112 set thread context of 1904	7112	[NEW] Roblox Executor Hack (Undetected).exe	209
PID 1220 set thread context of 4388	1220	[NEW] Roblox Executor Hack (Undetected).exe	216
PID 2784 set thread context of 6276	2784	[NEW] Roblox Executor Hack (Undetected).exe	222
PID 4380 set thread context of 6404	4380	[NEW] Roblox Executor Hack (Undetected).exe	230
PID 2612 set thread context of 4224	2612	[NEW] Roblox Executor Hack (Undetected).exe	236
PID 624 set thread context of 2060	624	[NEW] Roblox Executor Hack (Undetected).exe	242

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4888	1064	WerFault.exe	84
6976	6732	WerFault.exe	200
2900	7112	WerFault.exe	207
5916	1220	WerFault.exe	213
6300	2784	WerFault.exe	220
6428	4380	WerFault.exe	226
2668	2612	WerFault.exe	234
6488	624	WerFault.exe	240

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[NEW] Roblox Executor Hack (Undetected).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804989849324238"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fa6392e59718db01e64a70c2a118db01fdce5d61ee5edb0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "7"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4196	OpenWith.exe
1496	chrome.exe
5668	chrome.exe
5456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
1496	chrome.exe
3808	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5456	chrome.exe
4580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 1064	3628	rundll32.exe	84
PID 3628 wrote to memory of 1064	3628	rundll32.exe	84
PID 3628 wrote to memory of 1064	3628	rundll32.exe	84
PID 4324 wrote to memory of 3960	4324	chrome.exe	90
PID 4324 wrote to memory of 3960	4324	chrome.exe	90
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 5108	4324	chrome.exe	91
PID 4324 wrote to memory of 3056	4324	chrome.exe	92
PID 4324 wrote to memory of 3056	4324	chrome.exe	92
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93
PID 4324 wrote to memory of 1020	4324	chrome.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\downloader_nsis_plugin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\downloader_nsis_plugin.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1064
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 896
    3⤵
    - Program crash
    PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1064 -ip 1064
1⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc4dacc40,0x7ffbc4dacc4c,0x7ffbc4dacc58
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4396,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3888,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5296,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4876,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4688,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3276,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5792,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3240,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5816,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=2496,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5440,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4996,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4840,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4772,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3428,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6516,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6472,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5872,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6348,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6568,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6724,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6720,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6984,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7140,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7484,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7308,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7504,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7616,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7704,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7288,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7964,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7612,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8472,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8648,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8656,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8672,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8688,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8696,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8712,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9260 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7832,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7372,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7476,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7740,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9784 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7384,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7444,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9904 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7464,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7500,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10152 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=7776,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7732,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10492 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8736,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10616 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8744,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10640 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8768,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10856 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=8784,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8800,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11008 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=7172,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=5568,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=8660,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7160,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=10260,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=10608,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=3380,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=7020,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10696 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=10728,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10668 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=10720,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9840 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=10920,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10924 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=10192,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10392,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7900,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10184 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=10184,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=10476,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10404 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=10188,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10472,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9960 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10116,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3152,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10940 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1384,i,4775132663644609862,13631206058516021383,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7752 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4580

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3100

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x528
1⤵
PID:2628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4824

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6732
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 136
  2⤵
  - Program crash
  PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6732 -ip 6732
1⤵
PID:6900

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:7112
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 764
  2⤵
  - Program crash
  PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7112 -ip 7112
1⤵
PID:5884

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1220
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 772
  2⤵
  - Program crash
  PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1220 -ip 1220
1⤵
PID:5940

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2784
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 764
  2⤵
  - Program crash
  PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2784 -ip 2784
1⤵
PID:6248

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4380
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  PID:6388
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  PID:6396
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 792
  2⤵
  - Program crash
  PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4380 -ip 4380
1⤵
PID:4260

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2612
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 764
  2⤵
  - Program crash
  PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2612 -ip 2612
1⤵
PID:1832

C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
"C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:624
- C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe
  "C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 780
  2⤵
  - Program crash
  PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 624 -ip 624
1⤵
PID:6464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\109bc3b8-538a-4626-b349-c7d33ae334ad.tmp

Filesize
11KB

MD5
e265bc7df43fe1608a311ecd99f776a2

SHA1
e1bdb65a994dc77c1d79b9672310d8d3a1d8debf

SHA256
fe4008574d8c87024d1bed562c5236adbbf81f6ff00c34585abc73a1cf8e7276

SHA512
12656bae457c1091f8d295aa9067476b4f6cb6d03a3041e67bb0835e4e11d661e5907aaf559d69d571762cbe8a726ba6041062d4740d286229ebc475ea9c8b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c92d05bfd0f125480a344a7744be9f45

SHA1
a8cd22e8a437fb6a0d8fda4d0244efd595d552ff

SHA256
f94f8148853a51a4130044555c5a4580c871d6ccdb483e5f6a1155c8ee023642

SHA512
c061a26cf6608ee41d9cff6fbdc029f8809834b81ceb82d802cb5aa93f58e4dca30ea86dc9dc28049e88e35ec7352aae5c648fb9bbba68a598701270d8711d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
142ee94bcefcf7c0a8894e9580779eb8

SHA1
1d0b9ca664b1e7b256cd6ba119ebc49362e5f44d

SHA256
c98231b7b10b5019fd0f3a7932e6b8f81b2cf9e6b19f99dfa31c0389167e9784

SHA512
fb5e3d2f22d9db21e18a1f8c345200f0218d7b3d1aa81010ad5b9ca52b0852e6b9b975274ab62b893702dcaf013dfb801d0a498b3a0d81b18b5ac21fd4ab449a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
12a369b017d4812f2e2a639dded959d7

SHA1
89627a98583d07b5e24a2f2bfb418e833a0dc436

SHA256
675f265264e3eebc5f6cfc21bf2b71678c7f3a3e3b87225a14407cb10e5f7642

SHA512
db6cfff877c38e29a4760274974ccc64a38b0777d54bddd8dd494e658e795d4f08432f4fed8de02e62a3e7672d5c2366d11b24ca860c37cc1cb2ba7327eb1822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac69e4114913c4b23940e8ca8ca77c82

SHA1
2e7ac64b559534693a9770f910ca627dee5515be

SHA256
49973c2aba1261f656f3537f21ec1cd832eb5554a2505dd38d737246afd8892c

SHA512
5938beb0a13319c4b272bb5d6907ee53296167d2c8385b74f0c02332acd0c3b6721ebf5acbc157615975138aa5caaf1066b8d45c7b30c77c1aa54752ce23941d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
714cbfd32c512628881427f4be31125a

SHA1
8abaafca34615ae5a3111f2d82f0b70f9473954c

SHA256
9218f76414b5e15f7b0569b85e90ec11c3a04bd655f8a5f84b701e8fb48e10c6

SHA512
23a6c7e0dc492a968313c0a2e69ba964af937f8febb0dc5ca91abccee2b20a0b557683457f75e8155815c89d45adf798e8f75cd83f087f9f6160578d6b27155a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
864cfc42389d01236177ea157c4c024e

SHA1
313ddf7dcc60588763db4d8cff51232f8c6cf399

SHA256
d684000bf1f1deb48ecb6e0387a1c15a5b42c3a74eb9f1e618d8bda81d72b499

SHA512
54366341b2b1af1caf990824fa73d735e79ca471b413ffbfec745ba799e2a70c24277f3a677670e35a14196f944464d55a26559999893f500a864ee3ba691da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a8764937dcc9bb116a88ca07d0de315

SHA1
537f466e5d017af69f5ef71bbfba06a12dbfcb81

SHA256
56748bda92c06ff70a91b6a9d4993e5e6029fdba0d3a80f784ccd833b9d09ff9

SHA512
0047a1160955a7df146d8f0ac615369fc01052196fd2677fa4b75781feb5d69077066ebd23106cbc0fd362c7b3579342d0d274eeba9656930560e6f15326af81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d1ef84a37fdd3778959e5a3a1c146470

SHA1
76e07a9b2f29c8fc335a5a6e8ec24641de7d2647

SHA256
a0e6debbd02064c8eed1f609c77c94df1207cc7cd0fd0c1e2f2a0a18d7817d70

SHA512
f8ab300141ff838747c869fc9b2b1f27e069905d1a7e2bf63cf533e76464179c393c25779ec65f263bd0ba7ef6d20cd3f7e56358ec1e823e962653028d6ebe04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3e2151fd5b7f46726feed5a7b07f048a

SHA1
a2d6b857d273e8be72f5a275f6633a98d4bb6e8c

SHA256
e015deef1922353e0a96b7921a8f8ffcec7ab01a9eae69dfa1945a1908d36f39

SHA512
978bf06eac40c790424f14123aec0b5f3fe1b6b087088e1bef42045de55308113e16fdd52fc00636f412dd2cd0ac33cbff1fce2deb80ddd76209a919bc764bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
36KB

MD5
2084325b63e3626686ca7d7d8e12dda3

SHA1
f6461018904877c1fa10f03d4562663884956071

SHA256
09d9a6c35f02fd43ddfbd6a575a4eae97484a6966ec733e0ca1816f2fd580834

SHA512
4bcd03474e6a9bb008dbce306dba4cec2523c7b48caac29d87abc437ba304e6d78511e2976b75b5744019f2c837f63428d007b678874502aa9cc983847fd77e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
4af05d0fd67c71f86dfbfb15662b9de0

SHA1
fc8aabe4b87d9d28060e045471c07e9ea977dd74

SHA256
5039acf578bec8916cb470fc7ba3ebfe6dd20203fad8547873712d35c4dfb697

SHA512
f0b0e7635433c50015e34b826fab9816de18b57b82217a86a8c97d59f9bfad7239a33f9ac10d525b1704025745ca16ce69733af46a156b8df19647e0ff8f3c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fa3c4ec4ee22b7fd63f9faeb4c31785f

SHA1
96059727cb5edd3590eb90c558897cdccd83647a

SHA256
6195f81a0320c8f07653c0b5aa646e982608b2a11525f144f87e1d219e34482c

SHA512
a7b1c38f3eba1f30fa0a26c400c5ecee326bc9d7322e0b4208c49e8867635cabd8f7def9e18ad9d694e5ba9b31f84ae42299ebe2452b7177d77fcf53b774e625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5e44f94a6048aba710abb23356079f4e

SHA1
1a181513c7bb6656a87451dcfb07f61588f6a875

SHA256
0397e2fb55cf7219f734ae42020565051eff33fed2376582affb5b1949e2eff4

SHA512
fa7b68bba14522ca7d03f4200283b99eebea5e55cdf32986d9f06b4429e89799fe4c1225babf7097f0fb1bbac94688a10abbb042315715ce15a0370152cfdd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
519b18167c07609718cdca7f524344a9

SHA1
4bd6238786c3b2bc619fe52bf4482d3e3a1672ed

SHA256
befea79f8a78e78c15551a5de13925e15f67f64843e2b0a7b8f4ea0b1a38c06f

SHA512
e0eef76f7062e19a341b3ae3b50a1c6dfc11e9f1b7e4332ca3eb4847ccdf6b964d191c9171a5acc63145a3a9243e45c21ddbbd63f4cf4d4654811884f47378d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8bb3d68763345dd7a29f0373dde4fc92

SHA1
29a3efcf00f81c942b5c9fac3040b1aa96103f6d

SHA256
347d667211271c5ff598e1f4fc004a9626018e3518db5e9fb5e08cc65f101748

SHA512
326a3017f965ea31bf38a3f703ed6aa90c5337a48a7d7ddaa92b4622b01fe3cccee61fcc7e40f104cc38260ed30bd7dad906e9d29e464bb970ef302f7849e044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
faf9e652f805f3489d37b61a31ace370

SHA1
b82716a6929c57a54326ad49a1bd21c7679927f4

SHA256
5ceacdc6aae71d8dcb866c710449171ef18589eeec7b042c03d036ac23d75e20

SHA512
72f4d8a2c8039a42abc978b7c1c7d73ab7613ce835267f9cdbf4b0fc3baec01a1287e4895943f8093ae6d47cfc2f71797345af2c32814366789ecbbbef485db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4619d1e75762d8ab51dec9395d818b14

SHA1
6630f8a10eb55004f4e413e5bc73d9e3ca41e8b8

SHA256
7537a5ff43323d630d330df93bbadc3df64a2026447a6fccf1bbe2d5bc5ba1e3

SHA512
04ec56680a3162d46041122e6080b5ce8f986c42e706d108b66465cf003f6ef5ed4b22906814a86d6285d6c0c35906034d329d964c8bd3fb3bbb102e182f8b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d1a35d2536a9d91980613ab23a64bda0

SHA1
ce6bcf6ad0eba52a602904ab34e17d16df58be5d

SHA256
278d9c2026e79441df4d6d4156e07a3be00761f668d8707b945c01b8c0b48a3c

SHA512
8c4a3ffaf7f48c4dcc371c65305aa0d673000b02d3b1218c6125fef940584eb1efc8936491b5a23c930633653a57e8ab293dd12802d43a4f3f3b4ba44954c35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1482658c11ab7779ec8aca982a798a22

SHA1
021aaa0ef85250db03e70383e952ca4e6ba3e3bc

SHA256
5927a0cd40338cb24fb2da6b3576a5175528410e61ca1e2303d2b2ab4fc1aec6

SHA512
ce949ff179c3a635aeec19ee9e630bc604c43d13061cf953e8ff363d2250f480df7df83235f6202dde97b2f493b6a851aa7ad97b0047a4142a2cfab6a8198a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3acba3a497ed56331ff5a9cc411bbc37

SHA1
fbfb232b8037eeefc748de721f1b8757af2d1c24

SHA256
3a74d85abcbd20f54ffe9da2583e7565a89dec458428898c892cac1287b6ab4e

SHA512
7a70a2d21a4a00fe097c0a22ba0bbe4410e84a702546acf59359de2e8b57740587865abe7b32ea6b30bf9dc684491e243e72242bfeba0629f8fff5e9a1c57622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
af31d705c794e185491c1f490728d443

SHA1
509748bc70862b2236c0436d0344e9869aa37100

SHA256
7d60c74d861c775d7e10bd5f3fcadb1b3c0c8d5d9a43a84aa36bfbf0d0f599db

SHA512
bbea170baff31df97e7fa75e5e183238ecbbd8dc302288e7559528cd30c8eebafe22a2a5c9b1a6c2181766d1b325d05a8aa698db2b38929424aee2b933181fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e27fe7ae3634d8bf75ef4df97bdf29a1

SHA1
6b1fbdd20ba6d81541f87b2a6c0fd3157829fe78

SHA256
aa7836ee7a84778130106919aa186770f47a6a4e3c04fd4a5bff049f3d5b660b

SHA512
bd573ea0cd69c9aca6ce00cfee1246a066d0892b28aba4bf94bdfd5aea407b9ff744d4b82711f42eeb125a2a2c2827736d4faeba89a33929bc9b82ca1594484e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee2c08059cb38bb8a536567bf6d248c6

SHA1
5f7d20788eac30a2d1fc48248ca91e70726d2404

SHA256
c9e37ce78cdfb4abe142fa2a3d8a6878d5a627c26142284f203786207f658c0f

SHA512
e63f5e26748e764cca55e266b069e464bf636cd14c051991a314b30cf3a48c947d14a5a5b584e422487456d77c8f1a3b05d420a209af9c19fb3b0782a1d373e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2c7fac38a3c2c4c02a217694bebb5d2

SHA1
cb2ebb69e51599eff85f4950a2e47fb0276778ac

SHA256
300cef8294693b4c566a44ba4f6cc1bfb2943d8072e2e858005847829a14f1b0

SHA512
b193128d72a0ecc0e7ea1ea6a6345a779eaeecf3c40b086cd25ba7e4b0deb716f81d6c20d0ca84a68c5d300737f53929d4f44ecdfba4d4eec33075ffae2aa2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8d5b8b7a566b4efeffc78e8aa76534e

SHA1
621d97ee73f6a0fb3c4b04697f7ba10612186ae1

SHA256
b2b44205ecaf096e9d354d2b7697e6af1be08a9fbd4df453fd60b1f31de7bfbd

SHA512
a427c267bc47e8e2c238517ad1e31ba8dabb7fa9bb852927ea46ab1f85601160c5cd40281b95e8a443f037bd58197e107a6e90b3ebd177e9d735ba15ea229522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c31b7fe2510a9f91c4b421eac05765d

SHA1
7c35eb26aee1cd7975b125faeb7b2463a71255ce

SHA256
63ea23add6330ed35a10c5551b6cda5db369a09bdb0148fc3970668459744510

SHA512
478b36345ff15d774fbb346c17834e962245972cf524227eb009375c31e922fd79c57ab39b0385f9bfb58e9751ab59d432aa85c6547c5a0a3ec37ce6778615cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d552fb85fc0ef61756c61731b2e82f8

SHA1
7ad9b4e7c54a3759affa3ca0f1f4b8334c770e7f

SHA256
ce8c7a8934468a81042006a7db1a20b62795fdf2fea46800ddbf4058f8d12998

SHA512
33a762fd3bbe0984eff1a41b40db45278afbbe9eb47bbcac6e01aac3e37cbf6674199196b6f610a2b0f3759c0e6ac09232cb6470950f4b550a8766ea93ee6510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f8932bab745434cc48ee4e5d462f7cb

SHA1
a7dbb77202c9a07eb4c388d5b076892b13e6c5f6

SHA256
3136a101294c4e329b4dfa681a830f27cf9511aa6e970830a679fe7dc89eb55b

SHA512
7230459a8b2c33537911e3f1c46146cd175956dfeae4aebe7e70287d4d741af87350ad2d53eb01ccaf41859aaa0201baab74e45dc689a8a542615d29917a28df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b220f83c2144690df7ea045d03a512b

SHA1
9d03e62e91c5e3613188218717709e65ca9f7756

SHA256
00edb795ac7e4e0d1204bec2f4af44be62037fce591e2a65818c006da584c45c

SHA512
e9bad7d2432b41702ab268e3b2b30256eebb3ab236ccf3c42f50c6419c118acdb4bdfffac506714b8a0deeb4c514a9efa617b87c7332619b617841b9cbf9bd83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32a7c521da3227b1b132c886ae46dd7e

SHA1
a115d9757feb6ea334e8bbf0cf1403cfa60a946d

SHA256
3de7da1b4f3e6422e1d091122507bd76ffb7d207b947ef5da336e46bbdd43efc

SHA512
3acdf49278094fbbd77fe37b5753979e7defd8364608d1d0098002ddae95d5866367babeeed69a295fa4d848dab7ac8b1969301acf40765510dcdb3971bf1689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b261bb8455ab02588b630f4c37f722bc

SHA1
4a17cfb8147ad298f464ffe7b5c158711311a07a

SHA256
c717da63503de2f8d62be9f10263c0cdf6c46c2ecd0f9cf5c13aa7b432737357

SHA512
eee61a58c4805ba63c66490cbe70bf3244252aa0725be363ca18e1225d011352f4752fd5e35f16c8c593ff2432af339d7475fd35523f8e2268f920a46398e188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c583862b6be7f28d38014c387c8fd39

SHA1
5a521ef72503e5ec6866735226f77e606d334910

SHA256
413f2d3b9a0f1026283fc5eab91afc1f210624f7922956930176b8a3508651c9

SHA512
3e873be55dd5b0bf61b4436ac0bf3e959bbf788acec5cad9336c2479d6374f123100dbe9aa7e81754ba691b692af0636143b67133548519d717f729f8e33459a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfae8461d1b384c1e081f191301788f9

SHA1
28f3901a315dcde25f6ba6f9a36c3662d0aea4c0

SHA256
0429014b1a7918494a968c6912a8501a193762be76f70c7a7ab73b1b3048f6cf

SHA512
f93647b24fac1b3b25e07a607d4f3b9645344c6eec8f3cf2493a2e8dea4e01f78894beb56330d44c347c09add545c42e76fc31e0554b6e9f1b7d453cc168b2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4410808d54929ba602099baa7e7ab9a2

SHA1
52bfb8d02347f910d9b11183f19e7aaaa9779f57

SHA256
3cecc0855b2d7a5701df8171b7bd6cefd333939159806e55ca5f8144d1930107

SHA512
2f03fd10ab5d6259f71f082384b758d59dac5724d92b365b10674f06c6c25aabd3ec1799f2e2d6b3ea95a50bec0e583edbad23aaa5d42abbc8e21429655cb42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1f9dcb994b24dec96c67e39078c0b55f

SHA1
4508722258b46e4ed5eb6fc6b19ffb99abf3b804

SHA256
a49deeb5a422243602d0f69bc1218b034f7a335716af1c99d7d07e7dffd1416b

SHA512
5e8bd3b48ff97fe152412990127395f2335c38567df8a2730f35241e0031f0998874380d1081c8f97d6f6d2a00793b1092977e6f3add7f87d1993f05a8e6d263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fc52fc7a3b9a0ab5d0cd278c662e6b57

SHA1
e2c922d5b075547c5a9ab0adb40f278166f6f2c6

SHA256
b25e140806427d1a2deeb34c43bc9d06847c1cd762772ec454f58a034b25fbf2

SHA512
d8fe38b3a093d292fb83f7174003bfa1096f16491c285301bfae6cd564ac3bf23806159d9e8d64c6d636b19f9fbc1f9fce990244f8863c59a308210cf6585633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
854cc26f81e9b9a6ce00058348237e25

SHA1
595324d06243e0f9553fd403651a2cfaa54f1a8d

SHA256
87525e2780e27cfe777c60daca66636d60e5c5d2cadfbbb20b0979d31ff58294

SHA512
0c8ac2daa445e5a1cd084deaf801de442a98d287608be7831036cc37065771e6a68cd7854071a0d5b49d1ecfefc729236176085e405feef285e78037a525be8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1196ed495aa8a696db00280bcb6e5eab

SHA1
1fa0dbc2ad36ab7fb7aae65d14a55fda73098508

SHA256
a3320fa39dce0513405069325a04be5285c187d7e019a275ccefa7229330c755

SHA512
61308808510dd4d7cbba57135b7a923d9f3d29546cf823316b73f5b61f6180876a1a79ec3068d8d60d932ae3f655b06111ddb2e05855c27f2b21b6083b929bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff64e396ed988f0b6c18eef6aab6e207

SHA1
702d20d3d2504fa9c6a7ff0c91909c50af0e6285

SHA256
193e93bd4907ac653608f335c1ed32ff9af532925e713f3ef9863a090ae707e1

SHA512
2d309bba2ce99a377e8bdc8678c0e2d6b2fe71684c2a8cca2bf8dbd2a94b97ac05d537adf5921ab083a87dbbb1c44e1c6344978d04387ab35f3fa4f43a2a3f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
779320ce5e20b84b5319a49ff6d21142

SHA1
9e1ed250989ba3433aac2f8167a1a1fdae46771b

SHA256
8161e1019f8ad6aa67662ff39d70bb6f4bd336cedd60bc995650f36d1de8db2d

SHA512
8b34cd01a00f5a0b2bd328745f73f9d609a9f7aa9e6b7f484e5369e5ff44f3b341aa708111950fa54b15108618c5be78eea0944d59d4822c562256e66ed6645d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8c48185bbd10adc1762696b74dc94c5

SHA1
91e9ee849f5a6412e03dace4022f63ba07cf264a

SHA256
fdcffa3935436d6d3147afb3038ed613fa02fb482ded9702fa4995b8a0394846

SHA512
cf90e5ed3fce9e5c262bd81b56e0e3dc33ecc5d283b069a3f33a45b753cb836f9f5e577c2b13f205cf63485678243ef0f519fb9eb9e30876d1a977cb1910aee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ce619ab06372f8e5c633931f04617a7a

SHA1
b530b264ff1a15c7ba25d8107ac928ca9a659586

SHA256
f0f7f992ad2fd6f47234991920509188325847538e8927ea82fd17b71afcffae

SHA512
1677d8a0880c07f2b91dd11008c5b2bf7a656d57773ea7f7b4d29727da7f47c7dc4593abdf371f0ddb88083df82691233c6102ca18b30ebb1a65e90392d8cc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
199225113998ee9ccc9ccef97a9599f3

SHA1
366e5f74896a5c674f4fdc485aca11d5dfd6d165

SHA256
c0c070b1cba918089b8cacaae569c09b6fd8f0aa27758c4b48a334363747942a

SHA512
964ba3d9cf531fa39375953322b0993051db8e7dd60bc4d44789c1c9367bc579dd392da5f1e223bb702f5cfbac11b56e493edd381d206c373cde435d3ce5c947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
1ea0b2c725afbf5cf4ee6f729c17bc41

SHA1
e4ebabfa84279cd1ae491114c97a685b23fca8fd

SHA256
388e8f37ce09dd9976b0cbde9246d9ba37b61eecabfb6f848513ecdbaa877e1b

SHA512
029e7705b92fd295c1113d16f9d69f61b46bec40ec2fafd7bc805397e091b145b6e030b7b3b33bc23efbcea8546580e9e804d937587ef1af6154ccde42b4ad2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5abebd.TMP

Filesize
140B

MD5
e9c641e9b4cfb4c50087a91569b6967c

SHA1
1fb99a2578c211016035372d927d820c3a6b032c

SHA256
0aa25e893b970f5a9155eed9161ced12b373447ceac6957829cb265455ad13b9

SHA512
da489abea82534fdad80b0a8f94b40aad3bcf6fa0fc1579ddfb5af33a28e18a575c59a515d13ed8db45e62f07998b78fa5dbd6c9eaed1af58a60c12bfe53198f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8c35915a0c1e06939cc3eb704eb82ee6

SHA1
567961bbfd0dc94da79f8a15ad6d0514a46a9d55

SHA256
c28ee3101fdcfcbe6d4687977ed1e04c0fd6ff49f4cfb04435a445a473a5830d

SHA512
4f6c609fcfe9a8503e8dd608e79c030b2470932f92550dc71c03b2d0e13909a4a9dee826d5ac730fde38e317991b4565baf5f5064ecdd7275b1be3f19337ebc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e71ce01f8294921603ceffbe70df3279

SHA1
5f194741a30c2c2b3d32051a19035e6924f92dc1

SHA256
8076290900e1324e1f77c96bfafe831297914a72125a6fd1dc5862fe4a814b71

SHA512
5be35d23a2cf16cb843e98fc6391c16964b66c527b2f376c7e83838e11cf10f5cb8dd0f5c0d81fa205540916630b32038f9445598fddc45c02c387a839164b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
3f506ea0144284bb6989e71b084f88d7

SHA1
450137dbe4260a40158982c1edb867d7828f8ce3

SHA256
86e8300a600775a70cab6c50b5fa14dd65daf96018e93b9cc0be79e614a38d09

SHA512
46b499a0ac142ef8a22ab2247da550d3854b6d72152ed4f95e269170b76abb5e49d7e1befe0d38166bd1c13f8f4751228a4c434983173966a274f92aef277ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b78521da95d0444c8b8b263e6d31814f

SHA1
15144cf24c5cc906b08030f4aeee7b428ae21f11

SHA256
269337ee9548d08ba6a546317fde3c004b6dd96bc03d9eaa300f4c630012df1b

SHA512
11cc6a2693d1b64f52234b6ee3a2e260c9b676a5ae5ae35a3c12bf36c83952d19fd0fe8a996e694edf7d4f6a730c53ee89b11b71aacd5c855675e1f8b615e830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d9a714a6fef463f9bc66104cf70af55c

SHA1
e0a1abc25a70d395a781295e995b33f2d74e2f6c

SHA256
18d5c60d33d4f47529f204a676120572e266b432c46d413657c2e5dd5a350904

SHA512
58882cd83f69b51a76cf6041eea285d84e306d890dd7f7eb617a17b4839fccdeb0aa078ac9f5646253b398c28aab89568b1ad731f3b450d625bd4675fe00ea7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4e514751688a11bc92eb28664f299ddd

SHA1
042404097b36fc5c413b5e65bdb9852a3682274f

SHA256
4f71f887b7a97cbf8c943ac6e80d9e54dcd065c787dc9a6efe4a96855c276ae2

SHA512
860a0345b67d47343993b59b0a6712c3b4c7afa2ba87a0d80f897be0fe29774af27eb9cfba73294dfba9921dff1739c676167d98abe29c304da19e77b75c5fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
437af5deb9363dc116832786a6ad9301

SHA1
7ff68def814b7180c901a6ae23199317c72c5903

SHA256
81b834d28faf15927f40a701855b916c56e7049e2ec6d956ed9ab690d6b72d61

SHA512
00b1b14cdb473564d0f486bfdbad216d9c43238b8668e3effe8570e756947d49c6d5f8970c24fe9ec1e31b1bad7f43a6cb060ad40ed257f05c454f293c0bddd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4324_1389078751\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4324_1389078751\ae6ce2ff-39fa-449d-915d-f7ebdd0af9da.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).exe.crswap

Filesize
381KB

MD5
946ba3a87dabdce5d8e32523f23a753d

SHA1
df24813cedcbf2a4cb159645dea55b3db0acb6c0

SHA256
af7e944fcd4f8676bcd1b520c4ec362806ca1c029f1974d750e4a00a2bf34f14

SHA512
f233b481f0ee85e1945beab3db92848986eac4d58fd42d9120f635670689fec93affcfd0d3182efecac172f116bdeea98a013c2117b9c582f5b3c1e273d817b1

Download Submit
C:\Users\Admin\Downloads\[NEW] Roblox Executor Hack (Undetected).zip

Filesize
356KB

MD5
bb2a68093704842704dbfec950b0d84d

SHA1
6aafaa2124a37f60cb316bf8c63633ae152ca5f6

SHA256
24310ffc8ea9f3fb9c05f87b657c64e32b80c8df9f88fc789aa01ace3cbd2cb2

SHA512
6c92025ca86297421b9032b77b59efe9d229f6c11323ab9f55d4c7177cf36bf538657e5a59cae44896292a597e641289ebd7677b54645f94704bdc1c3af54e11

Download Submit
memory/6732-1732-0x0000000000600000-0x0000000000664000-memory.dmp

Filesize
400KB

Download
memory/6732-1733-0x0000000005500000-0x0000000005AA4000-memory.dmp

Filesize
5.6MB

Download
memory/6816-1735-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6816-1736-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download